CGSS Flash Cards

Define U-turn payment

A U-turn payment is a payment in which a bank or other institution from country A sends a transaction through a bank in country B using an offshore bank. In the financial world, U-turn payments are most commonly known in relation to US sanctions—particularly to those imposed on Iran.

Define front company.

A front company is a business that is set up and controlled by another organization. Although front companies are not necessarily illicit, criminals use them to launder money by giving the funds the appearance of legitimate origin. Front companies may subsidize products and services at levels well below market rates or even below manufacturing costs

Define letter of credit.

A letter of credit is a credit instrument issued by a bank that guarantees payments on behalf of its customer to a third party when certain conditions are met.

Define license.

A license is a written authorization issued by a sanctions regulator that permits an activity that otherwise might be prohibited or restricted under a particular sanction. A general license is an exemption that all persons may transact under—an example would be transacting for purposes of humanitarian aid. A specific license is an exception for the applicant of the license and establishes the circumstances in which the applicant may transact if the license is granted. The EU distinguishes between economic resources, which are subject to sanctions, and consumptive use, which is not prohibited "owing to [the] consumptive nature and lack of transferability." These exemptions apply to domestic supplies such as gas, electricity, telephone, and other utilities.

What is a red flag?

A red flag is a warning signal that should bring attention to a potentially suspicious situation, transaction, or activity.

What are sectoral sanctions?

A sectoral sanction is a form of restriction focused on targeting key entities and sectors of a country's economy. Sectoral sanctions prohibit certain types of transactions with certain people or entities in the targeted country within a targeted sector of the economy. Sectoral sanctions are very dependent on facts and context when applied.

What are shelf companies, and why are they used?

A shelf company is a company that has been created months or years ahead of time, often by a law firm or an accounting firm. Then the "aged" company goes "on the shelf" until needed. Some investors use shelf companies to gain a clean business record. A company with an older date of incorporation often seems more reliable and is less likely to raise red flags. Jurisdictions that have more relaxed corporate laws can provide easy access to this setup through local attorneys or government officials.

Explain the scope of the terms "property" and "property interest" in the context of sanctions.

Although economic sanctions apply to property, the term "property" is very broadly defined to include much more than money and trade goods. In the US, the terms "property" and "property interest" include checks, merchandise, trademarks, annuities, and a broad array of other interests as defined in US law.

Define embargo.

An embargo is an official government action to ban trade or commercial activity with a specific country, sometimes involving a specific trade product (e.g., a grain embargo or an oil embargo).

What is an exclusions list?

An exclusions list is a list of names that are excluded from the sanctions screening process. These are names that the compliance team has verified do not actually match a name on a sanctions list.

In the context of sanctions, what is the significance of Articles 41, 25, and 48 of Chapter VII of the UN's founding charter?

Article 41 of Chapter VII of the UN's founding charter establishes the right to impose sanctions as a measure to achieve international peace and security. After the UN Security Council adopts a resolution, it is legally binding under Articles 25 and 48 of the UN Charter. Article 25 requires Member States to "accept and carry out the decisions of the Security Council in accordance with the present Charter." Article 48 of the Charter constitutes an affirmation of states' obligation under Article 25 of the Charter to accept binding decisions by the Council. Article 48 (1) allows the Council to limit such duties to selected members, and (2) makes an attempt to co-opt other international organizations into the United Nations peacekeeping system.

What do automated screening tools (ASTs) do?

Automated screening tools (ASTs) are software systems used by large financial institutions to facilitate the screening process, as opposed to manual screening. In general, ASTs are designed to screen against sanctions lists. ASTs generate hits against sanctions lists that may be consolidated into alerts based on, for example, a customer record. For one customer record there may be multiple hits against sanctions lists that are consolidated under one alert.

Define batch screening

Batch screening is the process of screening a firm's entire customer base and other associated entities, such as vendors, with automated screening tools (ASTs) on a periodic basis.

How do blockades differ from sanctions?

Blockades involve the deployment of military resources by land, air, or sea, by a country or coalition to prevent the movement of goods or people into or out of a targeted country. Sanctions, on the other hand, involve legal actions that are punitive or restrictive.

Why is a risk-based approach to sanctions compliance important, and what tool can firms use to implement such an approach?

Complying with sanctions requires using a risk-based approach. OFAC encourages organizations subject to US jurisdiction to use a risk-based approach to sanctions compliance by developing, implementing, and regularly updating sanctions compliance programs (SCPs). However, within an SCP, financial institutions cannot avoid all risk when it comes to doing business. So it is important that they take a risk-based approach. A risk assessment is an important tool that allows a business to identify and assess the extent to which it may be exposed to risk. In global banking, risk assessments form the foundation of a sound SCP.

How is consolidation of goods a method of sanctions evasion?

Consolidation of goods is a method of sanctions evasion in which a person or organization either groups small shipments into one larger shipment or mixes restricted items in with other goods and does not declare those restricted items in shipping documentation.

List at least five controls used within a sanctions compliance program to mitigate or reduce inherent risks.

Controls used within a sanctions compliance program to mitigate or reduce inherent risks include: • Governance • Policies and procedures • Know Your Customer/due diligence (including beneficial ownership) • Management information • Recordkeeping and retention • Sanctions blocks/rejections • Monitoring • Training and awareness • Independent testing

Why is it important for a firm to demonstrate a culture of compliance throughout the organization?

Embedding a culture of compliance into the overall structure of a firm is critical to the development and ongoing administration of an effective sanctions compliance program. Firms that have strong commitments to ethical values, such as honesty and integrity, tend to stay out of trouble and attract the best talent and the most desirable clientele. Although creating a culture of compliance cannot resolve all current or future issues, an effective compliance program focused on identifying and controlling risks is critical to the overall success of an institution. In fact, adopting a culture of compliance is the most effective way to prevent small issues from becoming systemic problems.

List at least three examples of prohibited transactions in the context of facilitation.

Examples of prohibited transactions under a facilitation "umbrella" include: • US parties may not approve, finance, or guarantee any transaction in which they themselves are prohibited from engaging. • US parties may not provide merchandise to be used in connection with a prohibited transaction or make a purchase for the benefit of a prohibited transaction. • US parties may not provide services in support of or in connection with prohibited activity. • US parties may not provide guidance on prohibited activity. • US parties may not alter their corporate policies to allow for prohibited transactions. • US parties may not refer business to a foreign person that would involve a prohibited transaction.

What is extraterritorial jurisdiction, or extraterritoriality?

Extraterritorial jurisdiction, also referred to as extraterritoriality, describes a state making, applying, and enforcing laws, regulations, and other rules of conduct in respect to persons, property, or activity beyond its territory. The US is the primary government engaged in applying extraterritoriality to its sanctions regime. The EU, believing that the practice of extraterritoriality violates international law, does not allow for the concept of extraterritoriality in relation to the sanctions restrictions it imposes. The EU describes extraterritorial sanctions as sanctions that "non-US citizens and companies are also expected to comply with" outside the jurisdiction of the US.

What does FATF Recommendation 6 specify regarding due diligence?

FATF's Recommendation 6 specifically addresses sanctions due diligence by requiring countries to implement targeted sanctions regimes to comply with UN Security Council resolutions that are relevant to sanctions.

Define the concept of globalization.

Globalization refers to the integration of national economic, trade, and communication operations by businesses engaging in international trade. Globalization generally includes the enlarging of national perspectives to international and interdependent perspectives of society. It advocates a freer transfer of goods, services, and assets across national and international boundaries. It is believed that globalization may limit the effectiveness of sanctions because a globalized market makes it easier to replace and reroute trade channels.

What are multilateral sanctions?

Multilateral sanctions are restrictions supported by more than one country or entity. These can be imposed by allies against a common enemy or for the purpose of realizing a greater economic and punitive impact. Multilateral sanctions, such as those imposed by the UN, are generally more effective than unilateral sanctions in achieving a foreign policy objective.

How do sanctions relate to terrorist activities?

One of the purposes of sanctions is to freeze and return resources that have been misappropriated by kleptocrats (i.e., corrupt leaders who exploit the people and resources of a state for personal gain). As such, sanctions can aim to prevent corrupt officials from embezzling and from accessing financial services in order to illegally launder money taken while they were ruling their countries.

What is the significance of reputational risk to financial firms?

Reputational risk is the potential that adverse publicity regarding a financial institution's business practices and associations, whether accurate or not, will cause a loss of confidence in the integrity of the institution. Banks and other financial institutions are especially vulnerable to reputational risk because they can become a vehicle for, or a victim of, illegal activities perpetrated by customers. Such institutions may protect themselves through Know Your Customer and know-your-employee programs.

Explain the concept of risk appetite.

Risk appetite is the amount of risk that a firm is willing to accept in pursuit of value or opportunity. A firm's risk appetite reflects its risk management philosophy and comfort level for undertaking business in situations in which there could be an elevated sanctions risk. In turn, risk appetite influences the firm's culture and operating style and guides resource allocation. An organization's risk appetite is determined through the risk-assessment process and formalized in a Risk Appetite Statement or Framework. A business should determine its risk appetite based on the resources it has to invest in controls, staffing, and measures to protect its reputation. Firms can have an overarching risk appetite (i.e., enterprisewide) and/or have risk appetites defined on a more granular level (e.g., by department).

How do SWIFT messages get separated as a sanctions evasion method?

Separating messages involves incorrectly using the MT202 payment with an underlying MT103 payment instead of the required MT202 Cover Payment. To avoid this, SWIFT introduced the Cover Method in 2007, but banks can still wrongly choose to not use it and separate the message.

Explain the principle of strict liability.

Strict liability is the principle that an organization is liable even if it did not intend to violate or knowingly violate a sanction. Organizations are liable even if they have robust sanctions compliance programs in place.

How is "spoofing" used in traderelated sanctions evasion activities?

The term "spoofing" describes when a ship continues to transmit Automatic Information System (AIS) data while hiding its identity or manipulating its location. This occurs through the manipulation of AIS data. Spoofing can be done by forcing a stronger signal to override the AIS transmitted signal or through other hacking means.

Define transshipment.

Transshipment is the shipment of goods through intermediate countries, sometimes involving transfer from one vessel to another, before reaching an intended destination. Transshipment can be used to avoid blockades at the ports of entry for sanctioned regimes or to hide the identity of the country of origin at the destination location. Transshipment is prohibited by some governments and entities.

Define unilateral sanctions.

Unilateral sanctions are sanctions imposed by a single country against a targeted entity. These types of sanctions are generally considered less effective than multilateral sanctions, although they do serve to target specific offensive practices on behalf of imposing nations. For example, the Magnitsky Act in the US allows for unilateral, global sanctions to be imposed on human rights offenders. Assets can be frozen, and offenders may be barred from entering the US. In the 1980s, Australia autonomously banned shipments of uranium to France. With few exceptions (for example, the EU), unilateral sanctions are typically referred to as autonomous sanctions.

What information is included in a bill of exchange?

A bill of exchange is a shipping document that shows the means by which exporters are paid for the goods that are to be shipped, including information such as the names of the exporter, importer, issuing bank, and the bank where the funds will be drawn

Define bill of lading.

A bill of lading is a required document that a carrier issues as a receipt of cargo. It includes the type and quantity of cargo, as well as the destination

What four options does a firm have for managing its residual risk?

A business has four options for managing its residual risk: 1. It can transfer the risk. However, because a firm cannot transfer accountability for sanctions compliance to someone else, this is not always a good option. The firm would need to ensure the vendor is qualified and has effective controls. 2. It can avoid the risk. If the level of risk exceeds its risk appetite, the firm may decide to discontinue or fail to pursue a given line of products, or decide not to accept business relationships with customers who, for example, undertake business in certain countries. 3. It can seek to further mitigate the risk by, for example, decreasing "fuzzy logic" thresholds, increasing monitoring, adopting other controls, and/or strengthening current controls. 4. It can accept the risk.

What is a corporate register, and how can you obtain that information?

A corporate register is a listing of key information about a company, such as when a corporation was formed and who its owners and directors are. Corporate (or company) registers are often publicly available on the company's website or websites maintained by professional associations or entities, such as chambers of commerce or legal databases. In the United States, the secretary of state for each state and the District of Columbia maintains an online register for corporations doing business in that state.

What is sanctions evasion?

A counterparty is the other side of a transaction—the seller where the customer is the buyer, or vice versa. An institution establishes counterparty relationships with other third-party participants in a transaction for an established customer. Another way to establish a counterparty relationship is to provide a service to an individual or entity that has not established a full customer relationship. Such a relationship usually exists only for the life of the transaction itself.

What causes a false positive screening result?

A false positive is a hit identified during the screening process as a possible alert, but when reviewed, is found not to be a match to a target named on a sanctions list. False positives often result when the threshold percentage of the automated screening tool is set too low.

What is the significance of a hit within the sanctions screening process?

A hit is a potential match or name match during the sanctions screening process that indicates a possible sanctioned person. Automated screening tools generate hits against sanctions lists that may be consolidated into alerts based on, for example, a customer record. For one customer record, there may be multiple hits against sanctions lists that are consolidated under one alert.

Define mirror trade

A mirror trade is a type of trade that involves buying securities in one currency and then selling identical ones in another currency.

What is a partial match?

A partial match is a result generated by an automated screening tool. It means the entity being screened is similar enough to the sanctioned entity based on fuzzy logic and potentially other identifying factors, such as date of birth. Partial matches require further human intervention to determine whether the match is a target match (or true match), i.e., whether the name being screened is the same entity as the sanctioned target.

Describe a sanctions compliance program (SCP), including its five essential components.

A sanctions compliance program (SCP) is a program run by a firm to comply with regulator expectations concerning sanctions compliance and to manage the firm's sanctions risk. OFAC encourages organizations subject to US jurisdiction to use a risk-based approach to sanctions compliance by developing, implementing, and regularly updating SCPs. SCPs follow a similar methodology to that adopted by anti-money laundering compliance programs. According to OFAC, the five essential components of an SCP are (1) management commitment, (2) risk assessment, (3) internal controls, (4) testing and auditing, and (5) training.

Generally, what is involved in a sanctions investigation?

A sanctions investigation is the process of obtaining, evaluating, recording, and storing information about an individual or legal entity with whom one is conducting business, in response to an alert indicating a possible sanctions violation. Investigations often begin with simple checks before progressing to further investigation such as account review, customer outreach, and possible escalation to the compliance function.

What is a sanctions regime?

A sanctions regime is a set of sanctions that have a common nexus or theme. Sanctions regimes are either referred to by the issuer of the set of sanctions or by the intended purpose of the set of sanctions. For example, the "OFAC sanctions regime" or the "North Korea sanctions regime." Depending on the context, a sanctions regime may be limited to unilateral sanctions or may include multilateral sanctions.

How do scenarios help a firm detect sanctions violations?

A scenario is a set of rules or models that reflect known sanctions typologies or ways in which sanctions violations occur. Scenarios enhance an AST's ability to detect possible sanctions violations specific to an organization and detect red flags such as: • Using the financial institution's address in payment message fields where the customer's address should be disclosed • Resubmitting payment messages that were previously rejected, but removing or altering information • Submitting payment messages that include multiple, unrelated customers with the same physical address Scenarios are identified through industry sources, an organization's sanctions risk assessment results, and historical detection indicators, such as previous positive hits and true matches.

Explain the term "sham divestment."

A sham divestment is a transaction in which a sanctions target sells assets or equity to close associates or other affiliated persons. These can include friends, colleagues, subordinates, business partners, and family members. Similar to using an isolation company, the sanctions target no longer appears to "own" the assets or shares in a company. However, the target continues to influence or control the asset or the company's operations.

What is a target match?

A target match occurs when the name/ identification of a party is the same as that of one named on a sanctions list. It is also referred to as a true match and results from sanctions screening. Generally, when a true match is identified, or a potential match cannot be discounted, an alert is escalated through a dedicated flow in the screening tool or other communication channels to the Sanctions Compliance Officer for review, further investigation if necessary, and then reporting.

What is a whitelist?

A whitelist is a firm's internal list of individuals and entities whose characteristics trigger a hit or alert by an AST (automated screening tool), but who are found not to be a match to a sanctions list. Some ASTs allow users to attach supplementary information that supports the conclusion that this person or entity is not a sanctions target and warrants inclusion on the whitelist.

What are the five steps comprising a typical sanctions investigation?

Although the details of every investigation are unique, most investigations share a common process. Case investigation teams and alert management teams often use a five-step decision tree to determine which alerts can reasonably be discounted and which alerts warrant an investigation: 1. Determine whether a sanctions restriction applies to the case under investigation. 2. Determine what types of restrictions the applicable sanctions impose. 3. Determine whether the sanctions that might apply have actually been violated. 4. Determine how the sanctions violation occurred. 5. Record and document the findings.

What are the possible outcomes of assessing a hit?

An analyst's review of a hit will result in one of the following outcomes: 1. A target match—when the review concludes that the party identified is in fact the same as the one named on a sanctions list 2. Escalate to a case investigation—generally enough information will not be present to initially determine whether a hit is a target match; therefore, escalation to a case investigation is required to conduct additional due diligence and research 3. A false positive—not a match to a target named on a sanctions list 4. A false negative—the hit is dismissed, but is in fact a match to a target named on a sanctions list

How is an end-user certificate used?

An end-user certificate is a shipping document used to certify that a buyer is the final recipient of the materials and is not planning to transfer the materials to another party. Arms, ammunition, and certain other sensitive merchandise require an end-user certificate or attestation that the goods will not be further sold or shipped. This certificate or attestation is subject to verification by regulatory authorities. If the purchaser's intent is to defraud, however, this certificate will include false information.

How does a whistleblower policy function within a sanctions compliance program?

An established whistleblower program should be a core aspect of a sanctions compliance program, providing an anonymous channel through which to escalate identified issues. It also should establish a policy of non-retaliation for the identification and exposure of issues. The whistleblower program should be part of the firm's code of conduct and should be included as a regular part of training. Employees should understand how the whistleblower process works. Often this takes the form of a hotline managed by an external third party and routed internally to the proper escalation channels.

Give at least 8 examples of common identifiers for sanctions targets (both individuals and legal entities).

An identifier is a type of information about a sanctions target that is recorded on a sanctions list. Identifiers apply to both individuals and legal entities. For individuals, the most common identifier is the name or names of a sanctions target. Other identifiers include date of birth, passports and national identification numbers, nationality, place of birth, country of residence, names of any entities or individuals with whom a target has been associated or linked, and other sanctions or penalties previously imposed against a target. For legal entities, common identifiers include registered or corporation name, registration number, registered or legal address or any known operating address, jurisdiction associated with the entity and/or its activities, names of associated entities or individuals, and website, email, telephone, and fax details.

What is an inequalities list?

An inequalities list is a list of words or names that automated screening tools often mistake as matches and thereby create potential matches to targets named on sanctions lists. These are words or names that the organization's compliance team has checked and confirmed do not actually match up, such as Andrew and Andrea. An addition to an inequalities list will apply the inequality to all future screened instances and decrease the likelihood of a future match. Therefore, inequalities lists should have sufficient controls (at least dual controls) for additions to the list and periodic review.

What is the purpose of asset freezing/blocking?

Asset freezing, also referred to as asset blocking, is the practice of removing an individual's or legal entity's access to assets during, or as the result of, an investigation into a sanctions violation. This prevents a person who is targeted by sanctions from accessing or using his or her bank account or other financial assets.

How are back-to-back letters of credit used as a sanctions evasion technique?

Back-to-back letters of credit are used in sanctions evasion in this way: Bank A issues a letter of credit as collateral to Bank B in order to issue a separate letter of credit to the beneficiary. This often happens when the underlying agreement between the applicant and beneficiary contains restrictions about the credit quality of the bank that is issuing the letter of credit, the location of the issuing bank, or other stipulations that prevent the applicant's bank from issuing a direct letter of credit to the beneficiary. The sanctions evader uses the back-to-back letter of credit to remove the name of a sanctioned bank from the documentation.

What should sanctions compliance team members know about a firm's data, data flows, and data validation?

Because IT and data are fundamental parts of ASTs, it is important for sanctions compliance teams to work with IT to properly understand how data works within the firm, where data is stored, what data is available, and the quality of the data. It is also important to understand how data is being extracted (i.e., taken from one system, transformed or modified, and loaded or ingested between systems). Sometimes important data can be lost or modified through the extraction, transformation, and loading (ETL) process from one system to another in ways that can result in a compliance breach.

List and explain the usage of the three common SWIFT message types.

Common SWIFT (Society for Worldwide Interbank Financial Telecommunications) message types include: • MT103 (Serial Method): Payment message sent from an originating bank (on behalf of a customer) via intermediary banks to a beneficiary bank (on the behalf of a beneficiary customer) • MT202: Bank-to-bank instructions that are used solely by, for, and on behalf of financial institutions • MT202COV (Cover Method): When a payment is sent via an intermediary bank to a receiving correspondent involving an underlying MT103 customer credit transfer With the MT202COV, the payment message contains a sequence B field. Sequence B information must be identical to the same fields of 50a and 59b of the underlying MT103.

How are comprehensive sanctions different from targeted sanctions?

Comprehensive sanctions prohibit all transactions and activity with a sanctioned country by the sanctioning country except in rare, specific instances (e.g., exemptions for humanitarian purposes). Comprehensive sanctions also include a full trade embargo and a cease of diplomatic relations. Different sanctions regimes have different comprehensively sanctioned countries because sanctions are a matter of foreign policy. Comprehensive sanctions do not discriminate between the individuals in a country who are shaping and implementing policy and the uninvolved residents in that country; as such, they can be viewed as unhumanitarian. In contrast, targeted sanctions are sanctions against a specific target, generally with a goal of a specific outcome. They allow for greater discrimination in imposing sanctions, especially considering that a particular geographic location can contain many different ethnicities, minorities, and other groups.

How do sanctions evaders use the technique of concealment?

Concealment is a trade-related evasion method. Sanctions evaders depend on concealment to avoid sanctions, fines, and scandal. They may: • Obscure the origin of certain goods or funds •Obscure the path of a vessel • Hide the identity of the receiver/end user of goods • Transfer letters of credit • Remove the names of financial institutions involved in the backing instrument The most challenging method of evasion can be concealment of beneficial ownership and control information. Sanctioned individuals and entities will often try to conceal their ownership of various business interests so that those business interests can establish accounts and transact business in jurisdictions where they are sanctioned.

Define control effectiveness.

Control effectiveness is the measurement of the quality of controls used to mitigate a business' inherent risks (also referred to as mitigation measures or quality of risk management). These controls should be both appropriate and effective to mitigate the identified sanctions risks. That is, they must be proportionate. Where there is an elevated risk, the controls should be more comprehensive to mitigate that risk.

What is correspondent banking, and why are the sanctions risks potentially higher and more difficult to identify when a financial institution offers correspondent banking to other firms?

Correspondent banking is the provision of banking services by one bank (the correspondent bank) to another bank (the respondent bank). Large international banks typically act as correspondents for hundreds of other banks around the world. Respondent banks may be provided with a wide range of services, including cash management (e.g., interest bearing accounts in a variety of currencies), international wire transfers of funds, check clearing services, payable through accounts, and foreign exchange services. By their nature, correspondent banking relationships create a situation in which a financial institution carries out financial transactions on behalf of customers of another institution. This indirect relationship means that the correspondent bank provides services for individuals or entities for which it has neither verified the identities nor obtained any firsthand knowledge

Describe customer due diligence (CDD) as part of risk management.

Customer due diligence (CDD) is a set of internal controls that enable a financial institution to establish a customer's identity, predict with relative certainty the types of transactions in which the customer is likely to engage, and assess the extent to which the customer exposes the institution to a range of risks (i.e., money laundering and sanctions). Organizations need to know their customers through CDD to guard against fraud and comply with the requirements of relevant legislation and regulation. Effective CDD programs help to protect banks' reputations and the integrity of banking systems by reducing the likelihood of banks becoming a vehicle for or a victim of financial crime. As such, they constitute an essential part of sound risk management.

What does it mean when a financial institution "deals in funds"?

Dealing in funds occurs when a financial institution moves, transfers, alters, uses, or accesses funds it has frozen. Dealing in funds also includes interacting with funds in any way that would result in any change to their volume, amount, location, ownership, possession, character, or destination, or any change that would enable the funds to be used, including portfolio management. Dealing in funds is a practice that should be avoided by financial institutions. Asset-freezing restrictions require that frozen assets must be segregated.

What is delisting, and which UN offices are involved in the process?

Delisting is the process of removing a sanctions target from a list after the restrictions imposed on them have been removed. The UN adopted the Focal Point for Delisting to ensure that fair and clear procedures exist for (1) placing individuals and entities on the sanctions lists, (2) removing them, and (3) granting humanitarian exemptions. Individuals and entities, except for those on the ISIL (Da'esh) and Al-Qaeda sanctions list, may petition for removal from the UN sanctions list through the Focal Point process or through their state of residence or citizenship. Entities on the ISIL (Da'esh) and Al-Qaeda sanctions list must submit their petitions for delisting through the Office of the Ombudsperson.

Explain the concept of delivery channels, including its relationship to sanctions risk

Delivery channels are the ways in which products and services are provided by a firm to its customer (also referred to as servicing methods and distribution channels). For example, reliance upon brokers, intermediaries, and other independent third parties poses a higher sanctions risk than when a business interacts directly with customers and suppliers. The absence of face-to-face onboarding presents a higher risk than when customers are onboarded directly or through a domestic affiliate. Other delivery channels without face-to-face onboarding, such as internet banking and money services businesses, are also considered to pose a higher inherent sanctions risk. A delivery channel that processes payments quickly is also a higher risk.

What is the purpose of control, and why is it sometimes referred to as "four eyes"?

Dual control is a principle whereby at least two employees are required in order to complete an internal control task—thus, "four eyes." The purpose of dual control is to protect against internal fraud and prevent internal control failure at a single point.

Define dual-use goods, and give two examples of red flags related to dual-use goods and sanctions violations.

Dual-use goods are the products or technology that can be used for both military and civilian purposes (e.g., missile technology, which can be used for both scientific research and military action). The restrictions imposed on dual-use goods are referred to as embargoes or trade restrictions. Red flags concerning dual-use goods: • Customer details are similar to those found on the BIS DPL. • Customer is evasive about the end use of the goods or whether they will be re-exported. • Customer has little or no export or trade business background. • Shipping route is abnormal. • Packing is inconsistent with the stated method of shipment or destination. • Delivery dates are vague, or deliveries are planned for unusual destinations. • Product's final destination is a freight-forwarding firm.

When is enhanced due diligence (EDD) appropriate, and what does it do?

Due to the targeted nature of sanctions and the risks of links to terrorist financing, it is important to have in place solid governance frameworks for business activities in or related to sanctioned countries and terrorist financing networks. Therefore, firms need to develop appropriate risk assessment tools with which to identify highrisk customers and high-risk products, and then subsequently undertake enhanced due diligence (EDD) to identify the direct and, more importantly, the indirect links to sanctioned entities and individuals.

What is the intended impact of economic sanctions on targets?

Economic sanctions, which can include trade sanctions and financial sanctions, are intended to impact targets by limiting the target country's exports, restricting its imports, or impeding finance (including reducing aid). Economic sanctions apply to property, a term that is very broadly defined to include much more than money and trade goods. In the US, the terms "property" and "property interest" include checks, merchandise, trademarks, annuities, and a broad array of other interests, as defined in US law. This broad definition includes virtually all financial or commercial activity. Although there are sanctions, such as travel bans, that do not involve property, economic sanctions have by far the most implications for sanctions compliance programs.

What is event-triggered monitoring, and when does it occur?

Event-triggered monitoring is an internal control used to mitigate sanctions risks. Event-triggered monitoring occurs whenever relevant information about an existing customer (e.g., its jurisdiction of operation) changes, therefore requiring an interim review of information prior to a scheduled review

What are the two causes of a false negative screening result?

False negatives can be: 1. A hit that is identified during the screening process as a possible alert, but is dismissed, when in fact there is a match to a target named on a sanctions list 2. Screened activity that would have generated a hit if the screening process had been calibrated to catch such activity, such as a target match that is unidentified because thresholds are too high

What are the six Financial Crimes Enforcement Network (FinCEN) suggested guidelines for strengthening a compliance program

FinCEN suggests six guidelines for strengthening compliance culture in financial institutions, including: 1. Leadership must actively support and understand compliance efforts. 2. Efforts to manage and mitigate compliance deficiencies and risk must not be compromised by revenue interests. 3. Relevant information from the various departments within the organization must be shared with compliance staff to further the institution's compliance efforts. 4. The institution must devote adequate resources to its compliance function. 5. The compliance program must be effective. One way to ensure this is by using an independent and competent party to test the program. 6. Leadership and staff must understand the purpose of its compliance efforts and how its suspicious transaction reporting (STR) is used.

What does the New York State Department of Financial Services (NYDFS) Final Rule Part 504 require?

Final Rule Part 504 is a regulation issued by the New York State Department of Financial Services (NYDFS) on June 30, 2016, to emphasize the need for sound transaction monitoring and filtering programs (TMPs). The Rule requires regulated institutions to maintain TMPs reasonably designed to monitor transactions (1) after their execution for compliance with the Bank Secrecy Act and AML laws and regulations, and (2) prior to their execution for compliance with the US treasury department's Office of Foreign Assets Control (OFAC). The regulation includes suspicious activity reporting requirements and prevention of unlawful transactions with targets of economic sanctions administered by OFAC.

What is the role of OFAC's enforcement guidelines in cases of noncompliance?

In the US, OFAC uses its enforcement guidelines to determine how to respond to a sanctions violation. In such cases, OFAC may take no action, or may take a number of actions, including requesting additional investigation, issuing a caution, imposing a civil monetary penalty, or referring the case for criminal prosecution. The guidelines also establish a payment schedule that may be imposed based on violations.

What is fuzzy logic, and what are some common fuzzy logic algorithms?

Fuzzy logic is a matching technique for increasing the effectiveness of screening by overcoming problems, e.g., flawed records and databases. It employs algorithms that use "degrees of similarity" to determine the probability that two names are the same. Fuzzy logic can find matches in misspelled names, incomplete names, and names with different spellings but similar sounds or phonetics. It accepts different formats for date of birth and other inconsistencies. Fuzzy logic uses several common algorithms, including: • Phonetic: Reducing names to a key or code based on their pronunciation, so that similar sounding names share the same key • Edit Distance or Levenshtein: Examining how many character changes it takes to get from one name to another • Equivalence and Non-Equivalence: Teaching the system through human feedback which similarities are equivalent and non-equivalent

What are asset forfeiture and asset confiscation/seizure, and what is their goal?

In civil asset forfeiture, assets unrelated to the commission of a crime can be taken from the individual accused of committing a crime. Asset confiscation/seizure is the practice of taking ownership of an individual's or legal entity's assets during or as the result of an investigation into a sanctions violation. Asset forfeiture and confiscation/seizure are important tools to help law enforcement agencies defund organized crime and prevent the commission of new crimes.

What precipitated passage of the Magnitsky Act in the US?

In the US, the Magnitsky Act allows for unilateral, global sanctions to be imposed on human rights offenders and corrupt actors. Assets can be frozen and offenders can be barred from entering the US. The act originated from the mistreatment of attorney and auditor Sergei Magnitsky by Russian officials while he was in a Moscow prison for investigating fraud related to Russian tax officials. The law allows the US to sanction foreign government officials involved in human rights abuses anywhere in the world, including those found involved with the assassination of the Washington Post reporter Jamal Khashoggi in 2018.

What is inherent risk, and what are the four main inherent risk categories?

Inherent risk is the level of sanctions risk that exists before controls are applied to mitigate them. There are four main inherent risk categories: • Customers • Products and services • Countries • Delivery channels These categories of risk are similar to those considered in AML and terrorist financing risk assessments.

What is required in the initial and periodic schedules for reporting frozen assets?

Initial reporting occurs immediately when funds are identified and a freeze or reject is activated. This report usually includes providing the regulatory body with a detailed breakdown of the financial institution's exposure to the sanctions target. In addition, many jurisdictions require periodic reporting (annual or quarterly) from financial institutions. OFAC requires annual reports. These reports provide a summary of the assets the firm is holding in compliance with specific sanctions restrictions and how the assets have been segregated.

What is the function of Real Time Gross Settlement Systems (RTGS)?

International wire transfers use Real Time Gross Settlement Systems (RTGS) within a given jurisdiction. In RTGS, money or securities are transferred between banks on a "real time" and "gross" basis, i.e., payment transactions are not subject to a waiting period, and each transaction is settled on a one-on-one basis.

What does FATF Recommendation 10 specify regarding Know Your Customer due diligence?

Know Your Customer (KYC) is FATF's Recommendation 10. FATF recommends that institutions incorporate the following measures into their KYC programs: • Identifying the customer and verifying the customer's identity using reliable independent source documents, data, or information • Identifying the beneficial owners and taking reasonable measures to verify their identities • Understanding and, as appropriate, obtaining information on the purpose and intended nature of the business relationship • Conducting ongoing due diligence on the business relationship and scrutinizing transactions undertaken throughout the course of the relationship to ensure that the transactions being conducted are consistent with the institution's knowledge of the customer, their business, their risk profile, and, where necessary, the source of their funds

What is the role of "loitering" in trade-related sanctions evasion?

Loitering is a process used by sanctions evaders while switching cargo on the open sea. A ship from the selling country arranges with a ship from the sanctioned location to meet in international waters, beyond the jurisdiction of any of the surrounding countries' coast guard or naval forces. Then the ships transfer the cargo on the open water. The goods have documentation bearing a false destination and perhaps a false buyer, or they are not listed on the sending ship's cargo manifest. There may also be a false entry showing delivery at a false destination. To avoid electronic traces of the meeting, both ships turn off their Automatic Information System (AIS) transponders. Details of their precise location are not transmitted and do not alert authorities to the meeting.

List at least five mandatory sanctions lists that must be screened against.

Mandatory sanctions lists are supranational sanctions lists, such as those including targets designated by the United Nations Security Council Resolutions (UNSCR), that a firm must screen against. Depending on the country in which a business is located and operates, local sanctions regimes may be mandatory and should be included within a firm's sanctions compliance program. Other mandatory lists include: • EU lists, if the firm is in Europe • US lists • Host country's lists • Lists of the financial institution's parent company's country, if the firm is a branch or subsidiary of an organization outside of the host country • Lists of major jurisdictions with which the organization trades • Lists of other neighboring countries, especially if the financial institution uses their currency

What are the three lines of defense within the governance structure of a sanctions compliance program?

The three lines of defense within the governance structure of a sanctions compliance program are the business line (front line), sanctions compliance, and internal audit.

Define the concept of money laundering.

Money laundering is the process of concealing or disguising the existence, source, movement, destination, or illegal application of illicitly derived property or funds to make them appear legitimate. Money laundering typically involves a three-part system: placement of funds into a financial system; layering of transactions to disguise the source, ownership, and location of the funds; and integration of the funds into society in the form of holdings that appear legitimate. The definition of money laundering varies in each country where it is recognized as a crime.

What is the purpose of a Mutual Evaluation Report (MER)?

Mutual Evaluation Reports (MERs) provide an in-depth description and analysis of a country's systems for limiting financial crimes based on FATF recommendations. Although the reports are not sanctions, they have the potential to influence the risk a financial institution will take when dealing with a particular country or region.

Describe the process of name screening.

Name screening is the process of matching an internal record (i.e., customer, counterparty, or related account party) against a sanctioned list record, either manually or through an automated screening tool. Name screening may also include batch name screening, which allows a firm to screen its entire customer base using automatic screening tools on a periodic basis. When onboarding new customers, name screening against sanctions lists is undertaken prior to accepting a new customer relationship, and it is done in real time. Name screening forms a part of entry controls, which give the financial institution more opportunities to collect SDD information.

Describe nesting and downstreaming as sanctions evasion methods.

Nesting occurs when a foreign financial institution accesses the US financial system through an account it holds with another foreign financial institution—without the parties within the US financial system understanding that they are facing a customer's customer (nested accounts). When a correspondent bank provides services to a respondent bank in another country, the downstream respondent bank or other financial institution can process its customer's transactions through the upstream correspondent. Downstreaming occurs when the downstream correspondent has a motive to evade sanctions for a customer, or a customer conceals information before presenting the transaction for processing, resulting in the upstream correspondent bank being exposed. That bank will process a transaction for which it has incomplete or incorrect information, and it could unwittingly participate in sanctions evasion.

Are autonomous sanctions only implemented by single governments? If yes, give an example of a single government that has autonomous sanctions. If not, give an example of a different entity that has autonomous sanctions.

No. Autonomous sanctions can be employed by a single entity or government, such as Australia, or a coalition of governments, such as the EU, acting to enforce a sanctions regime. Most countries have their own version of autonomous, unilateral sanctions. However, the EU also has autonomous sanctions. These occur when its Council decides to impose sanctions on its own initiative. Although most countries in the EU do not rely on autonomous sanctions, choosing instead to rely on the EU framework, EU member countries, in turn, can have their own autonomous sanctions, such as when Latvia passed a version of the US's Magnitsky Act in 2018, imposing travel restrictions on 49 Russian citizens.

What factors does OFAC consider when determining the civil penalty for a sanctions violation?

OFAC determines whether a sanctions violation should result in a civil penalty, and if so, what the amount of the civil penalty should be. When determining whether to initiate a civil enforcement proceeding, OFAC considers factors such as "whether the violation involved willful or reckless conduct, the harm the violation caused to the sanctions program objectives, and the individual characteristics of the violator." These characteristics may include whether the violator has a sanctions compliance program, how sophisticated the program is, and what, if any, remedial measures were taken to address the issue and prevent its recurrence. Other considerations include the egregiousness of the case, the level of cooperation, the quality of the compliance program, whether management was involved in the violation, and whether the entity self-disclosed the violation.

Who/what is included on the Specially Designated Nationals and Blocked Persons (SDN) List, and how is the list used?

OFAC's Specially Designated Nationals and Blocked Persons (SDN) List is a list of individuals and companies that are owned, controlled by, or acting on behalf of a targeted country. The list also includes groups and people, such as terrorists and drug traffickers, who are associated with a specific crime versus a country. The US Treasury maintains the list and may name a person or company as an SDN. When the government identifies a person or company as an SDN, it blocks their assets and forbids US persons to do business with them. The government may also impose fines and imprison lawbreakers, and individuals may lose their export privileges. The US government may put the person or business on a list of blocked, denied, or debarred individuals and institutions.

Explain the common error of "pass-through sanctions risk."

Pass-through sanctions risk is the incorrect assumption that the sanctions risks associated with a customer's affiliates or subsidiaries is simply a problem for the customer to assess and manage. Regulators in the United Kingdom and United States require all parties within a transaction chain to check for possible sanctions risks. It is important for financial institutions to ask for and review information about a customer's affiliates and subsidiaries.

How is payment screening different from name screening?

Payment screening is a method of screening that focuses on screening payment messages. Unlike name screening, payment screening takes place with current customers and is performed before a payment or message is processed. Payment screening relies on payment messages using predefined templates, codes, and acronyms to describe certain information. The information provided in these predefined templates is typically provided by a third party; therefore, the firm has little, if any, control over how the data is presented.

What is the difference between primary and secondary sources of information in a sanctions compliance context?

Primary sources of information provide direct evidence about sanctions and sanctions targets. Sanctions instruments and official sanctions lists published by government bodies and their regulators represent a critical type of primary source. These key primary sources encompass various types of documents, including key legal documents, key sanctions lists, key trade activity lists, and transaction activity. Secondary sources contain information that has generally already appeared in primary documents. Commonly used secondary sources include corporate registers, third-party databases, and media publications. Inquiries for gathering primary and secondary sources are conducted separately. If there is a discrepancy between primary sources and secondary sources, it is a red flag that deserves further investigation.

With regard to trade activities, what are the regulatory expectations regarding the parties screened?

Regulators require sanctions screening in trade finance to be comprehensive and performed on all of the parties involved in a trade transaction. Importantly, screening should not be limited to individuals or legal entities. It should also include the: • Vessel used to transport goods (e.g., name, owners, consigner, consignee) • Shipping company • Shipping routes • Agents or third parties present in the transaction • Ports of call (origin port, transshipment location(s), and destination port) • Recent voyage history of the vessel

Define the process of romanization.

Romanization is the process of taking a different writing system (i.e., one that often does not use the Latin A-Z alphabet) and converting it into Latin script—that is, converting writing into the script that languages, such as English, are written in today. Some scripts do not have equivalent letters or symbols; as a result, there can be variations in the spelling of names and words, even when they're written in the standard alphabet.

List at least 8 key fields used in SWIFT payment messages.

SWIFT messages are designed with predefined fields. Key SWIFT fields include: • Transaction Reference Number • Bank Operation Code • Value Data / Currency / Interbank Settled • Currency / Original Ordered Amount • Ordering Customer (Payer) • Ordering Institution (Payer's Bank) • Sender's Correspondent (Bank) • Receiver's Correspondent (Bank) • Intermediary (Bank) • Account with Institution (Beneficiary's Bank) • Beneficiary • Remittance Information (Payment Reference) • Details of Charges (BEN / OUR / SHA) Certain fields in a SWIFT payment message tend to be the most relevant for screening, such as the ordering customer, beneficiary, and message details fields, which need to be screened against all relevant sanctions lists.

Why is it important for firms to perform real-time screening?

Sanctions are generally strict liability, and the regulatory expectation is that transactions will be screened prior to their execution, i.e., via realtime screening. Real-time screening may be manual or automated (i.e., using ASTs).

What is the purpose of sanctions?

Sanctions are measures or actions taken against a target to influence its behavior, policies, and/or actions. Sanctions can restrict trade, financial transactions, diplomatic relations, and movement. Also referred to as restrictive measures, sanctions can be specific or general in their implementation and enforcement.

How do thematic sanctions differ from economic sanctions?

Sanctions can target activities or geography. Thematic sanctions focus on particular issues or concerns that may cut across geographic boundaries, such as counter-narcotics sanctions. In contrast, geographic sanctions target specific countries or regions, such as North Korea and Crimea. Examples of thematic sanctions include the strengthening of human or labor rights, freeing of captured citizens, and reversal of land captures. Although the EU has historically imposed geographic sanctions, in recent years, it has also adopted thematic sanctions, including those promoting human rights.

What is sanctions compliance?

Sanctions compliance is the act of adhering to the sanctions-related legislation, regulations, rules, and norms that make up the complex sanctions landscape.

How does falsification of documents aid sanctions evaders, and what measures can help reduce the impact of this evasion method?

Sanctions evaders often falsify commercial invoices, bills of lading, and cargo manifests to conceal shipment contents or destinations that would arouse suspicion or trigger sanctions controls. The physical merchandise is seen only when packaged and unpackaged, or if authorities make a random inspection. Otherwise, the shipment documentation (hard copy or electronic) is taken at face value. When a sanctions evader falsifies details, shipments "fly below the radar," with the contraband goods or sanctioned parties involved passing unnoticed. Spot checks by customs authorities identify some fraud. However, thousands of containers of goods pass through ocean ports around the world daily. Authorities rely on every party involved in a trade transaction to consider all other parties and all details involved in the transaction and to identify when something seems out of place

In general, what is the role of screening in an effective sanctions compliance program?

Sanctions screening is one of the key controls of an effective sanctions compliance program. In simple terms, screening involves checking information obtained about a person, entity, goods, or services against sanctions lists that prohibit making funds or financial services available and/ or restrict or prohibit trade in certain goods or services. When screening generates an alert, the data is reviewed and assessed.

What are secondary sanctions, and what is their purpose?

Secondary sanctions are sanctions that apply to non-US persons who are involved in transactions with individuals and entities in other countries. The purpose of secondary sanctions stems from globalization weakening the impact of primary sanctions as alternative finance and trade become more available. Secondary sanctions are an example of a state exercising extraterritorial jurisdiction

For a financial institution or jurisdiction, what is the consequence of being designated a primary money laundering concern?

Section 311 of the USA PATRIOT Act directs the Treasury to designate a financial institution or jurisdiction as being of "primary money laundering concern" based on numerous factors, including the extent to which the institution is used to facilitate or promote money laundering. Although Section 311 is not technically a sanction, the results of Section 311 measures can be just as severe because they prohibit US financial institutions from providing products or services to other financial institutions that in turn provide products or services to one of the designated institutions or jurisdictions of concern. Moreover, US institutions provide an annual notice to their foreign financial institution customers warning them against maintaining these downstream correspondent accounts. The targeted financial institution is effectively cut off from the US dollar payment system.

What are shell companies, and how are they used by sanctions evaders?

Shell companies are companies without active business or significant assets. These companies are legal, but sanctions evaders often use them illegitimately, e.g., to disguise business ownership. Evaders also can use shell companies to hide the identity of end users or the final destination of goods. For example, evaders can incorporate a front or shell company in a third country and arrange for citizens of that third country to manage it. This can make it seem as though the company buying the goods (the end user) is operating in a third country. FATF has stated that shell companies are one of the most frequently used methods to hide identities.

Define sanctions due diligence (SDD).

Similar to Know Your Customer (KYC) / customer due diligence (CDD), sanctions due diligence (SDD) is a process that focuses on the risks specific to sanctions, taking into account governance and risk assessment. SDD builds upon the KYC/CDD information an organization collects as part of its existing AML program. SDD is applied throughout the life cycle of a relationship (1) at the start of a relationship (i.e., onboarding), (2) when new products are introduced, (3) in response to trigger events during a relationship, such as a "match" generated by a screening tool, (4) during periodic reviews, and (5) when a relationship ends.

As one of the first steps in an investigation, what is a simple check?

Simple checks are one of the first steps in an investigation. Essentially, they are the initial actions taken to discount or confirm a sanctions link. An example of a simple check includes comparing data about a sanctions target with a firm's Know Your Customer (KYC) data.

What is the difference between static and unstructured data in relation to a firm's use of ASTs?

Some firms use two different ASTs to separate screening of unstructured data and static customer data. Even with one AST, firms may use different thresholds because the screening of real-time payment messages can contain unstructured data in the form of a "purpose of payment." In addition, the messages can contain names and places with typographical errors and other mistakes because they were entered and sent from an outside institution. With static customer data, dual controls ensure that one person enters the name correctly and the other person checks it for accuracy. Firms tend to have higher data quality that is verified against legal documents for their customers than for the counter-parties. As such, the thresholds may be higher when screening static data.

What is string matching?

String matching is an algorithm for efficient searching that involves finding occurrence(s) of a pattern string within another string or body of text. Also referred to as pattern matching, this method can be used to recognize social security numbers, telephone numbers, zip codes, and any other information that follows a specific pattern. It is also useful for looking for information that follows leading text and then extracting the text that comes after it, as well as reprocessing documents. This algorithm works by reading through text strings to match patterns.

Define stripping, and identify ways in which jurisdictions can prevent it.

Stripping involves omitting or removing key information, such as the sender's name or the business name, from a payment message to avoid detection. It may occur with or without the knowledge of other participants in the transaction. When a wire transfer travels through multiple parties before reaching the intended destination, there are multiple opportunities for information to be abbreviated, omitted, or altered. Therefore, most jurisdictions have enacted laws that require payments to contain certain "basic" information, including the sender's and recipient's names and addresses. When a wire originates from a sanctioned entity or location, and the intent is to deliver it within the US or EU, where restrictions would ordinarily flag the payment and block it, sanctions evaders have an incentive to remove the information that would trip the system.

Define targeted/smart sanctions.

Targeted sanctions (or "smart" sanctions) are sanctions against a specific target, generally with the goal of a specific outcome. Targeted sanctions can exist in the form of financial or trade restrictions focused on restricting movement, and they can be applied unilaterally by one country or multilaterally by many countries. Targeted sanctions allow for greater discrimination in imposing sanctions, especially considering that a particular geographic location can contain many different ethnicities, minorities, and other groups. The idea is that the policy and behavior of the government is not necessarily reflective of the attitudes of the people being governed. Targeted sanctions also reject the philosophy that causing civilian pain and unrest leads to political change, or hold that if it does, such a trade-off is not acceptable.

What are the intended consequences of travel bans?

The UN and EU rely on members to enforce sanctions regimes. The US is best known for its enforcement of penalties and the resulting fines; however, other nations have begun issuing more severe penalties for sanctions violations.

What do the Bank Secrecy Act's Travel Rule and FATF Recommendation 16 specify regarding data transfer?

The Bank Secrecy Act (BSA) contains 31 CFR 1010.410(f), or the "Travel Rule," requiring financial institutions to pass on specific information to the next financial institution in the payment chain for certain fund transmittals that involve more than one financial institution. The Travel Rule, which only applies to funds transmittals of $3,000 USD or more, requires the transmitting institution to include specific information in a transmittal order (e.g., name of transmitter, identity of recipient's financial institution, etc.). FATF Recommendation 16 specifies the need for financial institutions to provide information about the originator of a payment as well as the beneficiary. Under this recommendation, banks have a more explicit obligation to monitor the quality of data in the transactions they receive.

What is the Bureau of Industry and Security (BIS), and what does it do?

The Bureau of Industry and Security (BIS) is a section of the US Department of Commerce that is responsible for ensuring that financial sanctions are properly understood, implemented, and enforced in the United States. Among other tasks, BIS regulates the import and export of sensitive, dualuse, and controlled goods and materials. BIS also maintains the Entity List, the Denied Persons List, and the Unverified List. The mission statement of BIS is: "Advance US national security, foreign policy, and economic objectives by ensuring an effective export control and treaty compliance system and promoting continued US strategic technology leadership."

What is the Denied Persons List (DPL)?

The Denied Persons List (DPL) is a list, published by the Bureau of Industry and Security (BIS), of individuals, entities, and companies that have been denied export privileges, most commonly because they have violated the Export Administration Act. American companies and individuals are forbidden from entering into any export dealings with any person or entity on the DPL.

What is the role of the EU's Common Foreign and Security Policy (CFSP) in terms of sanctions?

The EU adopts sanctions through decisions made by the Common Foreign and Security Policy (CFSP). Prior to going to the CFSP, the proposed sanction is examined and discussed by a regional preparatory body. Next, it works its way through the Working Party of Foreign Relations Counsellors (RELEX), the Political and Security Committee (PSC), and the Committee of Permanent Representatives (COREPER II). After making it that far, the resolution must be unanimously adopted by the CFSP. Upon being published in the Official Journal of the European Union, the sanction goes into effect.

How does the EU use blocking regulations as a countermeasure to US extraterritorial sanctions?

The EU's blocking regulations (Regulation No. 2271/96) essentially ban Member States from complying with or assisting the US in enforcing restrictions imposed under extraterritorial sanctions. Article 5 of the blocking regulation provides a mechanism for EU companies to ask the European Commission for an exemption to the regulation "if they can demonstrate that compliance with the regulation would 'seriously damage their interests' or the interests of the EU." Additionally, the EU blocking regulation allows Member States to impose sanctions when there is a breach of the EU's blocking regulation. It also allows an EU person impacted by extraterritorial sanctions to recover damages for losses resulting from "the application of [extraterritorial sanctions] or actions based thereon or resulting therefrom."

Define Export Administration Regulations (EAR).

The Export Administration Regulations (EAR) comprise a set of regulations administered and enforced by the Bureau of Industry and Security (BIS), a division of the US Department of Commerce. They apply specifically to physical goods or commodities such as technology, software, and other items subject to export controls.

What is the difference between the FATF blacklist and individual firms' blacklists?

The FATF blacklist is a list of countries that FATF has determined are noncooperative in the international fight against money laundering and terrorist financing. Member countries of FATF are expected to apply countermeasures against blacklisted countries to guard the international financial system from the risks arising out of those jurisdictions. Firms can also maintain an internal blacklist, i.e., names (including places, persons, entities, and individuals) that are screened to identify any sanctions exposure, in addition to government and vendormaintained sanctions lists. Other potential additions to a firm's internal blacklist may come from OFAC advisories and other warnings that list entities that did not merit being placed on the SDN list but are still considered high risk.

What is the FATF greylist?

The FATF greylist is a list of countries that do not merit inclusion on the blacklist, but have strategic deficiencies in their anti-money laundering and counterterrorism financing regimes. Additionally, these countries have not made sufficient progress or otherwise committed to action plans to address the deficiencies identified by FATF. Ongoing failure to address these deficiencies could eventually result in being moved from the greylist to the blacklist.

What is the Financial Action Task Force (FATF)?

The Financial Action Task Force (FATF) was chartered in 1989 by the Group of Seven (G7) organization to foster the establishment of national and global measures to combat money laundering. It is an international policy-making body that sets anti-money laundering standards and counterterrorist financing measures worldwide. Its recommendations do not have the force of law. Thirtyfive countries and two international organizations are members. In 2012, FATF substantially revised its 40+9 Recommendations and reduced them to 40. FATF develops annual typology reports showcasing current money laundering and terrorist financing trends and methods.

What is the purpose of the International Convention for the Suppression of the Financing of Terrorism?

The International Convention for the Suppression of the Financing of Terrorism was adopted by the UN General Assembly in 1999 to criminalize the financing of terrorism. The treaty calls for international cooperation in the detecting and freezing of assets that are used, or intended for use, to finance terrorism.

What powers does the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) give the US president?

The International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA) are US federal laws authorizing the president to impose sanctions by executive order during a state of emergency. Statutes and executive orders are then further implemented by enacting regulations. Most sanctions regimes are authorized via the IEEPA.

What is the Joint Comprehensive Plan of Action (JCPOA)?

The Joint Comprehensive Plan of Action (JCPOA) is a detailed agreement with five annexes reached by Iran and the P5+1 (China, France, Germany, Russia, the United Kingdom, and the United States) on July 14, 2015. The nuclear deal was endorsed by UN Security Council Resolution 2231, adopted on July 20, 2015. Iran's compliance with the nuclear-related provisions of the JCPOA is verified by the International Atomic Energy Agency (IAEA) according to certain requirements set forth in the agreement. On May 8, 2018, President Trump announced that the United States would withdraw from the JCPOA and reinstate US nuclear sanctions on the Iranian regime.

What is the goal of the Kimberley Process Certification Scheme?

The Kimberley Process Certification Scheme was established by the UN in 2003 to establish trade controls over conflict diamonds (i.e., uncut diamonds mined in an area of armed conflict and traded illicitly to finance the fighting). Within the process, governments are required to implement controls on the import and export of diamonds to certify and control the trade, as well as create a documentary trail as to the extraction and refinement processes.

Describe the four steps of the Know Your Customer (KYC) research model.

The Know Your Customer (KYC) research model involves: 1. Assess: "What do we need to know?" Determine what information the firm already knows, what information is missing, and how to most effectively collect that information. 2. Explore: "Where can we find the answers?" Execute the plan created to collect the necessary information. This step includes expanding the firm's research toolkit and effectively using time and effort. 3. Organize: "How do we make customer information meaningful?" Organize and structure the information collected in a meaningful way according to the firm's risk based approach. 4. Present: "How do we present customer information in a manner to fulfill its purpose, i.e., aid in the detection of suspicious activity?" Present the information collected in a meaningful way according to the firm's risk-based approach.

How does the OFAC 50% Rule prevent sanctions targets from creating complex corporate structures and spreading out their ownership holdings?

The OFAC 50% Rule states that if a sanctions target owns 50% or more of another legal entity, the legal entity is also subject to the sanctions restrictions—even if it is not itself named as a sanctions target. The rule does not simply apply to the ownership of a single company; it also requires that beneficial ownership be based on the total, or aggregate, amount of shares that sanctions targets own across a corporate structure. This rule prevents sanctions targets from creating complex corporate structures and spreading their ownership across the holding structure so they don't hold more than 50% of any one corporate entity. Therefore, the sanctions target is unable to circumvent sanctions and maintain access to its assets held in various entities.

What is the Office of Foreign Assets Control (OFAC)?

The Office of Foreign Assets Control (OFAC) is an agency within the US Department of the Treasury that is responsible for administering and enforcing economic sanctions issued as part of US foreign policy and by international organizations, such as the United Nations, against targeted foreign countries. It often works in consultation with other agencies, such as the Department of State, to oversee national security goals. A core component of the agency's responsibilities is the creation and maintenance of the Specially Designated Nationals (SDN) list.

What is the Office of the Superintendent of Financial Institutions (OSFI)?

The Office of the Superintendent of Financial Institutions (OSFI) is the primary agency regulating financial institutions in Canada.

What is the Sectoral Sanctions Identification (SSI) list?

The Sectoral Sanctions Identification (SSI) list is a list of individuals and entities targeted by sectoral sanctions. The SSI list is not part of the Specially Designated Nationals (SDN) list. However, individuals and companies on the SSI list may also appear on the SDN list. The SDN list is very broad, while the SSI list against Russia is very narrow.

What criteria does the United Nations Security Council employ for targeting individuals and entities with sanctions?

The UN uses sanctions as a measure to achieve international peace and security. Its Security Council has established key criteria for targeting individuals and entities, including: • Threats to peace, security, or stability • Violations of human rights and international humanitarian law • Obstructing humanitarian aid • Recruiting or using children in armed conflicts

What is the role of the International Atomic Energy Agency (IAEA)?

The UN's Treaty on the Non-Proliferation of Nuclear Weapons (NPT) established the International Atomic Energy Agency (IAEA) to monitor compliance with the terms of the treaty. The IAEA periodically inspects the facilities and operations of member nations that have concluded nuclear safeguards agreements with the Agency. It seeks to build confidence and trust among member nations, which helps to prevent the development of fissile material for military use.

What is the Non-Proliferation Treaty (NPT)?

The UN's Treaty on the Non-Proliferation of Nuclear Weapons, commonly known as the Non-Proliferation Treaty (NPT), was signed in 1968 and went into effect in March 1970. The NPT solidified the commitment of signing countries to prevent the spread of nuclear weapons. Its goal was to minimize the risk of the use of nuclear weapons in conflict, which could result in significant destruction. Likewise, the NPT sought to keep the weapons out of the hands of rogue nations and terrorists.

What is the significance of the USA PATRIOT Act to the field of anti-money laundering?

The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act) was enacted on October 26, 2001. This historic US law brought about momentous changes in the anti-money laundering field, including more than 50 amendments to the Bank Secrecy Act. Title III of the act, the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001, contains most, but not all, of its anti-money laundering-related provisions.

What is the objective of the Wassenaar Arrangement?

The Wassenaar Arrangement on Export Controls for Conventional Arms and DualUse Goods and Technologies, referred to as the Wassenaar Arrangement (WA), includes 42 states that have committed to greater responsibility and transparency in the exports of weapons and dual-use goods. The core objective of the WA is to provide information to members on those entities whose application for export licenses for providing certain goods were denied. The WA assists members to control arms exports and prevent arms from being acquired by terrorist groups.

Define facilitation.

The term facilitation describes actions taken by one person to assist or support another person in engaging in activity. Within a sanctions context, facilitation means when one person (person A), who is not allowed to engage in an activity either directly or indirectly, assists or supports another person (person B) to engage in that activity. The activity does not necessarily need to be prohibited for person B, but only for person A.

Use an example to explain why it is important for a firm's automated screening tool (AST) to be correctly and appropriately "mapped" to the firm.

The correct and appropriate mapping/ connecting of a firm's various systems and databases to the AST relates directly to operational effectiveness. Payment messages contain many fields of unique information. ASTs may require mapping from the message to the AST to ensure it uses the proper screening methods. For example, some fields only contain Bank Identification Codes (BIC); screening this field against the entirety of the OFAC list would generate numerous false positives. With proper mapping from this field to the AST, it would only screen this field against sanctioned BIC codes. Conversely, if a field from SWIFT were incorrectly mapped, the result could be severe under-screening of the message. Screening the freeform text in the "purpose of payment" field only against sanctioned BIC codes could result in many false negatives.

Define counterparty and explain how an institution establishes a counterparty relationship.

The customer relationship should be the primary defense against sanctions evasion. It is important to fully understand the nature of the customer, the businesses the customer is engaged in, the structure of the company and the individuals behind it, and where and with whom the company does business. With this knowledge, an institution is better armed to detect any activity that does not have a valid business purpose and does not make sense for the customer. A key risk area related to customers is jurisdiction or geography. It's important to understand a customer's geographic footprint, e.g., information about individuals such as: • Nationality (current and former) • Place of birth • Place of residence (current and former) • Place of employment • Tax residency • Occupation/travel for work

List at least five red flags that signal potential trade-related sanctions evasion.

The following are examples of red flags that could signal trade-related evasion: • Concealing identity: The customer's name or address is similar to that of a party on the BIS list of denied persons. • Concealing restricted goods as non-restricted: The customer is reluctant to offer information on the end use of the goods. • Concealing the final destination or transshipment: The shipping route is abnormal for the product or the destination. • Concealing the end use, the end user, or both: When questioned, the customer is evasive or unclear about whether the goods are for domestic use, export, or re-export. • Misuse of a front or shell company

What happens to a firm's residual risk when its control effectiveness weakens or inherent risk increases?

The residual risk matrix shows that a firm's residual risk increases as control effectiveness weakens (e.g., via the loss of strong compliance professionals) or as inherent risk increases (e.g., the firm launches a high-risk product without competent staff to mitigate the risk).

What is the risk formula suggested by the Wolfsberg Group for sanctions risk assessment?

The risk assessment formula suggested by the Wolfsberg Group is: Inherent Risk - Control Effectiveness = Residual Risk

In the context of licensing required to freeze assets, what does "scope of permitted activities" mean?

The scope of permitted activities specifies exactly which activities are permitted without a license under a sanction, and which are only permitted with a license. A license may stipulate that certain activities are only permitted during a certain period of time or during specified seasons.

Define beneficial owner.

The term "beneficial owner" (also referred to as ultimate beneficial owner) has two different definitions depending on the context: • The natural person who ultimately owns or controls the funds in an account through which a transaction is being conducted • The natural person(s) who ultimately owns or controls a customer or who exercises effective control over a legal person or arrangement

List five common lists used for sanctions screening.

There are many different sanctions lists, and targets can be named on more than one list. The following are the lists most commonly used for screening: • UN Security Council Consolidated Sanctions List • EU Consolidated Financial Sanctions List • US Office of Foreign Assets Control (OFAC) SDN and Blocked Persons List • OFAC Non-SDN Palestinian Legislative Council List • Bureau of Industry and Security (BIS) List of Denied Persons • Financial Action Task Force (FATF) List of High-Risk and Other Monitored Jurisdictions • UK Her Majesty's (HM) Treasury Consolidated List of Financial Sanctions Targets • Other countries' lists

How is the EU's European Best Practice Guidance different from OFAC in regard to sanctions due diligence and beneficial ownership?

There are three significant differences between OFAC and the EU's European Best Practice Guidance concerning SDD and beneficial ownership: 1. The EU's rule applies when a sanctions target owns more than 50% of a legal entity. 2. The EU has not yet implemented the aggregate rule. 3. The EU requires that assets be frozen when a sanctions target "controls" or exercises influence over an entity.

What is threshold calibration, and how does it relate to false negative and false positive results?

Threshold calibration is a method of adjusting the thresholds within the algorithms in an automated screening tool to match a financial institution's greatest areas of sanctions risk. A threshold is typically described as a percentage, and it controls the generation of alerts. Threshold calibration reflects the updating and reconfiguration of algorithms based on emerging trends, an institution's internal investigations, external information, and channels of financial crime activity developing and changing over time. If the percentage is set too high, only a few names will match, and the potential occurrence of false negatives increases. If the threshold percentage is too low, the tool will produce an excess of results, many of which will be false positives.

What are the five essential components of a sanctions compliance program, according to OFAC's "A Framework for OFAC Compliance Commitments"?

To help firms avoid sanctions violations and penalties, OFAC released "A Framework for OFAC Compliance Commitments," which provides guidance on sanctions compliance programs (SCPs). According to OFAC, the five essential components of an SCP are: 1. Management commitment 2. Risk assessment 3. Internal controls 4. Testing and auditing 5. Training

What are the general goals of trade sanctions?

Trade sanctions in the form of limits on a country's exports aim to reduce its foreign sales and its foreign exchange. Trade sanctions in the form of limits on a country's imports (or the sanctioning country's exports to the target country) aim to deny the targeted country critical goods. Total trade embargoes are rare because of their unintended consequences to the citizenry of a targeted country. Most trade sanctions are selective, targeting, for example, energy, gas, finance, or luxury goods. Moreover, in most cases, the trade is only diverted. Trade sanctions also rarely impact the political elite (who may also benefit from the black market), and their impact is generally diffused throughout the entire population of the country.

Define transaction monitoring and filtering program (TMP).

Transaction monitoring and filtering programs (TMPs) are required of financial institutions under the New York State Department of Financial Services (NYDFS) Final Rule Part 504 to monitor transactions after their execution for compliance with the Bank Secrecy Act and AML laws and regulations. It includes requirements for suspicious activity reporting as well as for monitoring transactions prior to their execution to prevent unlawful transactions with targets of economic sanctions administered by OFAC. Filtering programs may be manual or automated, and must be reasonably designed for the purpose of interdicting transactions that are prohibited by OFAC.

What is transliteration?

Transliteration is the conversion of text from one script into another—for example, a document written in Arabic characters that is converted into Cyrillic script. This phenomenon can present a name screening challenge.

What is the key information to collect about customers to help reduce a firm's sanctions compliance risk?

Undertaking SDD at onboarding is critical to identify potential sanctions risks and to identify customers who might later become sanctions targets. Key information to collect about customers includes: • The customer: Who is the customer? If it is a legal entity, who owns and controls it, and who are the beneficial owners and intermediate owners (i.e., those legal intermediary owners that are not natural persons), if appropriate? What assets do they hold, directly or indirectly? • The nature of the business: What goods/products and services do they use? What activities do they engage in? Could the goods or services have a military purpose? • The jurisdiction or geographical connections: In what jurisdictions do the parties operate? With which jurisdictions do they intend to interact (involving your institution as opposed to its overall operations)?

Who and what are the targets of sanctions screening?

Unlike AML requirements, which are limited to customers of the business, sanctions restrictions apply to all business activities and therefore to third parties. The types of different business activities and, in turn, the types of parties that should be screened include, but are in no way limited to, the following business arrangements: • Brokers • Agents • Vendors and other intermediaries • Trade finance and export-related activities • Purchasing, order processing, distribution, and payment management • Beneficial owners

What are the most important considerations and potential red flags to address during a transactional review?

When conducting a transactional review, consider the following: • Transaction activities can be a good source of primary information. • Limit the review to transactions that occurred within a defined, optimal timeframe. • Determine the extent of payment message review. • Define the nature of payments that the review will encompass. Transactions that are highly correlated with red flags include: online purchases, cross-border payments to countries with proximity to sanctioned territories, and transactions involving a money service business.

What is the benefit of voluntary self-disclosure of a sanctions violation?

When determining the consequences of a sanctions violation, OFAC considers whether the entity voluntarily self-disclosed the potential violation. If a company determines that it has violated OFAC sanctions, it may file a voluntary self-disclosure, taking the position that the violation only constitutes a civil violation as opposed to a criminal violation. However, a company may file a voluntary self-disclosure and OFAC may disagree with its filings or the nature of the violation (civil or criminal).

What are alerts within Know Your Customer procedures and within sanctions screening?

Within Know Your Customer procedures, alerts are potential discrepancies that are flagged, either manually or through an automated system, based on defined red flags and underlying typologies. Within sanctions screening, an alert is a hit, or multiple hits, of an internal record checked against sanctions screening lists. If they cannot be resolved easily as false positives, alerts generally result in investigations.

What is the role of a sanctions compliance officer (SCO) within a sanctions compliance program?

Within the second line of defense in the governance structure of a sanctions compliance program, the sanctions compliance officer (SCO) is responsible for ongoing monitoring for sanctions compliance. This monitoring includes sample testing and a review of exception reports to enable the escalation of identified noncompliance and other issues to senior management and, where appropriate, the board. The SCO is the contact point for all sanctions-related issues for internal and external authorities and is responsible for reporting suspicious transactions. To enable the successful oversight of the sanctions compliance program, the SCO must have sufficient independence from the business lines to prevent conflicts of interest and facilitate unbiased advice and counsel.